Cyber Prep 2.0: Motivating Organizational Cyber Strategies in Terms of Threat Preparedness
Deb Bodeau, Richard Graubart

As cyber threats evolve, organizations increasingly need to define their strategies for cyber security, defense, and resilience. Cyber Prep 2.0 is a threat-oriented approach that allows an organization to define and articulate its threat assumptions, and to develop organization-appropriate, tailored strategic elements. While Cyber Prep 2.0 focuses on advanced threats and corresponding elements of organizational strategy, it includes material related to conventional cyber threats. Cyber Prep 2.0 can be used in standalone fashion, or it can be used to complement and extend the use of other, more detailed frameworks (e.g., the NIST Cybersecurity Framework) and threat models.

1 Organizations Need to Prepare for Cyber Threats

Over the past several years, the cyber threat ecosystem has grown in size and complexity. Reports of major data breaches, campaigns by advanced actors, and marketplaces in malware and unpublished vulnerabilities have raised the awareness of Government and business leaders that cybersecurity and resilience must be considered as part of enterprise risk management. Cyber preparedness (organizational preparedness to handle cyber attacks) has become an integral part of the aspects of enterprise risk management related to dependence on cyberspace.

At the same time, as depicted in Figure 1, the landscape of resources (frameworks, guidelines, information sharing efforts, and commercial services) related to cyber risk management continues to increase in size and complexity. Government has undertaken the transition from compliance-oriented to risk-management thinking, while the private sector and public-private partnerships have promulgated numerous cybersecurity-related frameworks and guidance. Threat information sharing (in the form of reports, mechanisms for automated exchange, and partnerships or other efforts) is recognized as vital to cyber defense.

Figure 1. Organizations Must Navigate an Increasingly Complex Cybersecurity Landscape

These resources vary in their underlying assumptions about the nature of the cyber threat. Some explicitly assume conventional threats (e.g., disgruntled or suborned insiders, denial-of-service attacks, hackers who have obtained legitimate user credentials). Others, while mentioning advanced cyber threats, do not consider the need for resilience in the face of ongoing, stealthy campaigns, or the need to prepare for attacks which cross organizational boundaries. Some focus on technical solutions, while others emphasize operations. Any organization that seeks to improve its preparedness for cyber threats must navigate this increasingly large and complex cybersecurity resources landscape to determine which resources will be relevant and useful.

2 Cyber Prep

Cyber Prep recognizes that cyber preparedness (organizational preparedness to handle cyber attacks) has become an integral part of cyber risk management (footnote 1), which in turn has become integral to enterprise risk management [1]. For ease of exposition, Cyber Prep (footnote 2) defines five broad classes or levels of adversarial threats and five corresponding classes of organizational preparedness strategies. To move beyond these broad classes, Cyber Prep provides a threat modeling framework; it then uses adversary characteristics to motivate aspects of strategy in three interdependent areas:

- Governance: What is the organization's overall approach to defending against cyber threats? How strongly integrated is cyber risk management with other aspects of organizational risk management? Is the focus on compliance or pushing the state of the art to better engage the advanced persistent threat (APT)?
- Operations: Is the organization simply reacting to incidents as they become evident, or are cyber defenders proactively engaging early and across the cyber attack life cycle? How much does the organization use threat intelligence in its operations? How integrated (or isolated) is the organization's cyber security staff with other key players such as cyber defenders, malware analysts, and tool developers?
- Architecture & Engineering: How well defined, and integrated with mission operations, is the organization's security architecture? Are the organization's security capabilities focused on some or all of the NIST Cybersecurity Framework (CSF) core functions; do they go beyond the CSF and address aspects of cyber resiliency? What is the organization's security engineering orientation?

The choice of a target level for a given aspect in an area (e.g., the level of Internal Integration in the area of Governance) is driven by specific adversary characteristics (e.g., persistence, capabilities).

Footnote 1: Cyber risk management is the management of cyber risks, i.e., risks of depending on cyberspace, particularly risks due to malicious cyber activities (MCA) [12]. Cyber risk is a subset of information security risk, as defined in NIST SP R1 [3].

Footnote 2: Cyber Prep 2.0 updates and supersedes MITRE's previous Cyber Prep methodology [13].

2.1 The Cyber Prep Toolset

Cyber Prep is designed to be used at successive levels of refinement and detail, in terms of both its threat model and the aspects of the three strategic areas (Governance, Operations, and Architecture & Engineering). Thus, Cyber Prep provides a toolset of models, questions, and tables at different levels of detail.

As described in Section 3 below, a first approximation is the assumption about the type of threat (conventional vs. advanced) and the corresponding risk management philosophy (practice-driven vs. threat-oriented); a second approximation uses the five broad classes of adversaries and strategies to help an organization characterize its preparedness posture.

Next, as discussed in Section 4, Cyber Prep provides a threat modeling framework, focused on why an adversary might persistently target an organization. This enables an organization to clarify its threat assumptions to define its threat model. Cyber Prep then enables an organization to motivate (in terms of adversary characteristics) and articulate (in terms of aspects of architecture, operations, and governance) the elements of its preparedness strategy, thus helping the organization to develop a strategic roadmap.

As a next approximation, Section 5 presents an initial high-level characterization of preparedness strategies. In more detail, Cyber Prep includes tables defining tailorable descriptions of each aspect of the three strategic areas, for five classes of preparedness. Cyber Prep also includes mappings from adversary characteristics to target classes of preparedness for each aspect.

Finally, as described in Section 6, by enabling an organization to clarify its assumptions and describe key aspects of its cybersecurity strategy, Cyber Prep enables an organization to tailor and integrate concepts, guidance, and elements from a variety of frameworks and guidelines. In particular, Cyber Prep enables an organization to decide which portions of other frameworks (e.g., NIST Cybersecurity Framework) are relevant, and to develop a roadmap for applying those portions over time.

As the threat landscape has evolved, an understanding of adversaries and the potential impacts of their activities has become more important to organizations seeking to define a tailored and cost-effective cyber strategy. An organization can use the Cyber Prep threat model and characterizations of aspects of Governance, Operations, and Architecture & Engineering to assess its current preparedness and to define its cyber preparedness strategy. An organization that seeks to improve its overall cybersecurity posture often starts by acquiring cybersecurity products and tools, and then abandons them because it lacks the expertise or sufficient staff to use them effectively, or because it failed to establish supporting policies and procedures or to resource the products and tools to make them operational.

2.2 Distinguishing Features of Cyber Prep

Cyber Prep is a practical approach, providing multiple tools which an organization can use to articulate its strategy for addressing advanced cyber threats. It provides motivation for technical investments and organizational evolution.
Distinguishing characteristics of Cyber Prep include:

- Cyber Prep looks at both the threat organizations face and the measures that organizations may take to defend themselves, making explicit the relationship between the two components.
- Cyber Prep enables an organization to articulate why it might be a target of advanced cyber adversaries, to develop profiles of its anticipated adversaries, and thus to motivate specific elements of its cyber preparedness strategy.
- While many frameworks focus on one dimension (e.g., adversary capabilities, or the operational aspect of the defender), Cyber Prep represents multiple dimensions of both the attacker and defender:
  - For the Attacker, Cyber Prep considers Intent (e.g., financial gain, geopolitical advantage), Scope, Timeframe, and Capabilities (e.g., resources, expertise).
  - For the Defender, Cyber Prep considers Governance (e.g., organizational roles), Operations (e.g., proactive vs. reactive posture, stages of the cyber attack lifecycle (CAL) addressed; see footnote 3), and Architecture & Engineering (e.g., how well-defined the security architecture is, how the organization approaches security engineering).
- Cyber Prep facilitates definition and articulation of threat assumptions and concerns, and identification of tailored strategic elements, appropriate for the organization based on the threat. It is emphatically not intended to serve as either a compliance vehicle or a maturity model. Thus, while the Governance, Operations, and Architecture & Engineering areas are described in an incremental manner for five different preparedness strategies, Cyber Prep assumes that the organization will pick and choose strategic goals based on such considerations as size, culture, and legal, regulatory, and contractual constraints, rather than taking an all-or-nothing approach as in a compliance or maturity model.
- Cyber Prep can be used in standalone fashion and/or it can be used to complement, link and extend the use of other, more detailed frameworks (e.g., the NIST Cybersecurity Framework) and threat models (footnote 4).

Footnote 3: Cyber attack lifecycle stages used in this paper are based on the structure of an APT campaign as defined in NIST Rev 1, App E [2].

Footnote 4: Examples of cybersecurity frameworks include the NIST Cybersecurity Framework (CSF) [2], the Joint Transformation Initiative risk management process [5], the CERT Resilience Management Model [6], the Booz Allen Hamilton Cyber Operations Maturity Framework [7], and the Cyber Resiliency Engineering Framework [8][9]. Examples of threat models include the Defense Science Board's model [4], as well as models of the cyber kill chain [10] or cyber attack lifecycle [3][11].

3 Initial Orientation

The first tools in the Cyber Prep toolset are intended to help an organization orient to the threat, rather than taking a compliance mindset. As a first approximation, Cyber Prep identifies two types of adversary, 1) conventional and 2) advanced, which correspond to two risk management philosophies: 1) threat-agnostic or practice-driven and 2) threat-oriented. While malware and vulnerability marketplaces put sophisticated tools into the hands of conventional adversaries, the strategies and procedures of such adversaries are relatively static, and can largely be addressed by standards of good practice. Advanced adversaries, by contrast, learn, evolve, and cannot be addressed by a good-practice, compliance-oriented strategy. A threat-oriented preparedness strategy builds on good practice, but provides ways to make trade-offs based on an appreciation of why an advanced adversary might target the organization.

While Cyber Prep 2.0 focuses on advanced threats and corresponding elements of organizational strategy, it includes material related to conventional cyber threats. Advanced cyber threats often take advantage of weaknesses in an organization's foundational practices, using tactics, techniques, and procedures (TTPs) typical of conventional adversaries. Thus, an organization can and should take good practices into consideration, while recognizing that these are insufficient to address advanced threats.

One advantage of moving from a practice-driven to a threat-oriented approach is that any organization's cybersecurity resources are limited. In addition, an organization's strategic choices are constrained by such factors as organizational culture and risk tolerance, legacy investments, partnership or customer agreements, and the size and quality of the cybersecurity workforce. Thus, any organization must make trade-offs among the practices it implements. Cost-effectiveness can be improved by informing those trade-offs with an understanding of the cyber threats for which the organization must best be prepared.

While these two broad types and philosophies provide an initial step toward articulating the organization's risk frame (i.e., how it thinks about risk, including its assumptions about threats and its concern for consequences), they are too general to drive the definition of a risk management strategy. As a second approximation, Cyber Prep defines five classes or levels of adversary, based primarily on the adversary's goals, and five corresponding preparedness strategies. These are illustrated in Figure 2.

Figure 2. Cyber Prep Classes

The set of Cyber Prep classes provides a means for an organization to:

- Articulate its risk frame, and in particular its understanding of cyber threats, as illustrated in Table 1. This risk framing focus allows Cyber Prep to complement various risk management processes (e.g., the NIST organizational risk management process) and frameworks (e.g., the NIST Cybersecurity Framework).
- Define its overall strategy succinctly, in terms of the types of adversaries it faces, and the approaches it takes in order to be prepared for attacks by such adversaries. This is illustrated in Table 2 (footnote 5).
- Identify high-level mismatches between its risk frame and its overall strategy. For example, a practice-driven organization might take a Critical Information Protection strategy, but face a persistent adversary seeking Cyber Breach.

The five classes are characterized in terms of the organization's cyber threat model (footnote 6) and its overall strategy for addressing the cyber threat. The statements in these tables are representative examples, and for the sake of brevity, use terminology from the NIST Cybersecurity Framework [2] and NIST SP R1 [3].

It must be emphasized that these characterizations are designed to serve as a starting point for discussion. Follow-on questions related to why an organization might be targeted can be accompanied by threat briefings illustrating ways in which the five classes overlap. For example, an attack might be typical of a Cyber Incursion, but involve more advanced capabilities. An organization's strategy might be primarily characterized as Responsive Awareness, but include elements of Critical Information Protection and Cyber Resilience.

Footnote 5: Note that bolding in these and other tables in this document indicates a change from the previous level.

Footnote 6: A threat model identifies the characteristics of a threat, can also identify a representative or comprehensive set of threat events, and can include one or more approaches to creating threat scenarios. Cyber Prep restricts attention to adversary characteristics, since adversary tactics, techniques, and procedures (TTPs) evolve quickly and organizations increasingly assemble sets of potentially relevant threat events through threat intelligence information sharing activities.

Table 1. Characterizing the Threat

Columns: Adversary Class; Representative Characteristics

Cyber Vandalism
  Goals: Personal motives (e.g., attention, malice), Financial gain (fraud)
  Scope: Organizational subset (e.g., public-facing service or Web site)
  Timeframe, Persistence, and Stealth: Attacker revisits periodically, but is not persistent, nor stealthy
  Examples of Effects: Web site defacement, DoS attack, Falsification of selected records
  Capability Examples: Freeware or purchased malware, purchased botnets, purchased or stolen credentials

Cyber Incursion
  Goals: Personal motives (e.g., acquire personally identifiable information or PII about targeted individuals), Financial gain (fraud, salable information, extortion), Stepping-stone
  Scope: Organizational Operations; Organizational Associates
  Timeframe, Persistence, and Stealth: Sustained, persistent activities in selected stages of Cyber Attack Lifecycle (CAL): recon, deliver, exploit, control (limited), execute; limited concern for stealth
  Examples of Effects: Data breach, Ransomware, Extended DoS
  Capability Examples: Freeware or purchased malware, purchased botnets, purchased or stolen credentials used to acquire more credentials and further escalate privileges

Cyber Breach & Organizational Disruption
  Goals: Financial gain (large-scale fraud or theft, salable information, extortion), Geopolitical advantage (economic), Stepping-stone
  Scope: Organizational Operations; Organizational Associates
  Timeframe, Persistence, and Stealth: Sustained with persistent, stealthy activities in most stages of CAL: recon, deliver, exploit, control, execute, maintain
  Examples of Effects: Extensive data breach, Establish foothold for attacks on other organizations
  Capability Examples: Adversary developed malware (e.g., 0-day exploits)

Cyber Espionage & Extended Disruption
  Goals: Financial gain (fraud, salable information, extortion), Geopolitical advantage (all types)
  Scope: Organizational Operations; Sector
  Timeframe, Persistence, and Stealth: Sustained with persistent, stealthy activities in all stages of CAL
  Examples of Effects: Extensive or repeated data breaches, Extensive or repeated DoS
  Capability Examples: Malware crafted to the target environment, to maintain long-term presence in systems

Cyber-Supported Strategic Disruption
  Goals: Geopolitical advantage (all types)
  Scope: Organizational Operations for selected organizations; Sector; Nation
  Timeframe, Persistence, and Stealth: Strategic with persistent, stealthy activities in all stages of CAL, covert activities against supply chains or supporting infrastructures, and covert intelligence-gathering
  Examples of Effects: Subverted or degraded critical infrastructure
  Capability Examples: Stealthy, destructive adversary-crafted malware, supply chain subversion, kinetic attacks

Table 2. Representative Characterization of Cyber Preparedness Strategies

Columns: Preparedness Strategy; Representative Characteristics

Basic Hygiene
  Prepared to Detect or Defend Against: One-time or periodic attacks by a relatively unsophisticated adversary, with limited or near-term effects. Capability, Intent, and Targeting: Very Low (footnote 7).
  Prepared How: An ad-hoc, informal decision process is used for cybersecurity (CS), focusing on compliance with good practice. Minimal investment in assessing organizational security posture. CS staff respond to incidents post Execution. Security capabilities: CSF functions of Protect, Detect and Respond.

Critical Information Protection
  Prepared to Detect or Defend Against: Sustained attacks by an unsophisticated adversary, with limited or near-term effects. Capability, Intent, and Targeting: Low.
  Prepared How: The Security Program Officer handles CS decisions. The organization shares threat information with partners. Organization monitors cyber resources. CS staff respond to Exploit and Execution stage incidents. Security capabilities: CSF functions of Protect, Detect, Respond, and Recover.

Responsive Awareness
  Prepared to Detect or Defend Against: A sustained campaign by a stealthy, moderately-resourced adversary, seeking a significant, long-term advantage and extensive or mid-term effects. Capability, Intent, and Targeting: Medium.
  Prepared How: A responsible corporate officer handles CS decisions. CS is integrated with related disciplines. CS staff cooperate with counterparts at peer, partner, supplier, and customer organizations. Organization uses updated threat intelligence in monitoring. CS staff manage events across the cyber attack lifecycle. Security capabilities: all CSF functions and some limited cyber resiliency objectives.

Cyber Resilience
  Prepared to Detect or Defend Against: Multiple sustained campaigns by stealthy, well-resourced adversaries, seeking long-term advantages, often on a large scale, with severe or long-term effects. Capability, Intent, and Targeting: High.
  Prepared How: A dedicated corporate officer handles CS decisions. CS and related disciplines are integrated with mission assurance (MA). Cyber defense and strategic planning staff coordinate with counterparts at peer, partner, supplier, and customer organizations. The organization maintains cyber situation awareness (SA). An integrated team of cyber defenders, malware analysts and tool developers jointly develop tailored response tools. Security capabilities: all CSF functions and most resiliency objectives.

Pervasive Agility
  Prepared to Detect or Defend Against: Multiple sustained campaigns, integrated across different attack venues (cyber, supply chain, physical), by stealthy, strategic adversaries, seeking geopolitical advantages, with severe or long-term effects. Capability, Intent, and Targeting: Very High.
  Prepared How: The CEO is engaged in MA decisions. CS and related disciplines collaborate to ensure MA. Cyber defense and strategic planning staff collaborate with relevant mission or critical infrastructure sector entities. Cyber SA and mission SA integrated. Cyber defenders develop and use new threat analytic methods. An integrated team develops and uses new forensics methods. Contingency plans, COOP and cyber responses developed jointly. Coordination or collaboration with other organizations central to planning. Security capabilities: all CSF functions and all resiliency objectives.

Footnote 7: Levels of Capability, Intent and Targeting are as defined in NIST SP [3].

4 Orient to the Threat

Cyber Prep provides a threat modeling framework to enable an organization to orient to the threat. An organization begins by considering why an adversary might target organizational systems. An organization can be profiled in terms of four aspects:

- Assets: What the organization has. Assets are categorized as information, money, and capacity.
- Missions: What the organization does. This includes not only key mission or business functions, but also supporting functions, and in abnormal as well as normal circumstances.
- Role: What the organization's place in the cyber ecosystem is. In particular, an organization can be attacked as a stepping stone in an attack on one of its partners or customers.
- Symbolism: What the organization represents.

A set of questions helps develop the organization's profile as a target. Based on that profile, its cyber adversaries can be characterized, and organizational concerns for consequences of attacks can be elicited.

4.1 Characterize the Adversary

The first key characteristic, related to why an adversary might persistently and stealthily target the organization, is the adversary goal or goals corresponding to assets, mission, role, and symbolism. Typical adversary goals include:

- Financial gain (e.g., fraud, theft, or exfiltration of salable information)
- Geopolitical advantage (e.g., terrorism; undermining public confidence in institutions or infrastructures; or economic, diplomatic, or military advantage)
- Cyber advantage (e.g., acquiring stepping stones or resources for future attacks)
- Personal motives (e.g., attention, malice)

Other characteristics are driven by how valuable a target the organization is: for example, how much money it handles, how much sensitive information it retains, how crucial its missions are. These characteristics include:

- At what scope or in what arena does the adversary operate? Depending on their goals, an adversary can operate against a subset of the organization's systems (e.g., its external-facing services); the organization's operations; the organization's associates (customers, users, or partners); the organization's critical infrastructure or industry sector; or the nation.
- What are the likely capabilities and resources of the adversary? Are they minimal, causing the adversary to employ existing, known malware? Or are they significant, allowing the adversary the benefit of being able to create their own malware, threat vectors, and possibly introduce vulnerabilities into the organization?
- In what timeframe does the adversary operate? Will the adversary's activities be periodic or episodic, or will the adversary commit to a sustained effort against the organization?

An organization may well have multiple answers to these questions, identifying multiple types of adversaries, based on the different ways in which it could be a target. Because the strategies to address different types of adversaries can differ, an organization may need to consider each type in developing strategic plans, rather than simply making a worst-case assumption. However, for ease of exposition, the worst-case assumption or high-water mark of these characteristics can be used to describe the organization's adversary class.

4.2 Consider Potential Consequences

After characterizing the adversary, an organization can make an assessment of the types of organizational or operational consequences of adversary activities. In effect, an organization asks: How much impact would result if an adversary successfully achieves its goals? The impacts can range from:

- Limited or near-term: Will have little or no impact on critical mission operations. Consequences can be handled within an operational planning or funding cycle (e.g., within a business quarter) or within the duration of a mission operation.
- Extensive or mid-term: Will have significant impact on critical mission operations, the organization, or its associates. Consequences require remediation or mitigation efforts that extend across operational planning or funding cycles.
- Severe or long-term: Will have extremely significant, potentially catastrophic impact on mission operations, the organization, or its associates. Consequences are of a duration or extent that must be considered by strategic planning.

To understand how significant the effects of an adversary attack on or campaign against an organization might be, Cyber Prep provides a mapping from potential cyber effects (e.g., degradation or disruption of service; corruption, modification, or insertion of information; or exfiltration, interception, or other compromise of information) to adversary goals as well as to organizational assets, missions, or critical business functions.

5 Characterize Target Organizational Preparedness

An organization's target cyber preparedness strategy is based on the adversary (or set of adversaries) that could affect its operations and future viability. An organization can use the characterizations of Cyber Prep classes to assess its current strategy and to define its target strategy. As a next approximation, an organization can do this initially at a high level, as illustrated in Table 3 on the following page. Note that the table identifies only a few typical characteristics of an organization for each class.
An organization can choose to use Cyber Prep to drill down in the areas of Governance, Operations, and Architecture & Engineering, and in selected key aspects of these areas, as needed to define its target strategy well enough to use a more detailed framework and/or to develop a strategic roadmap.

Even when the characteristics are described in such high-level terms, it will often be the case that an organization's strategy is a hybrid, for example combining the Governance aspects of one class with the Operations aspect of another, and the Architecture & Engineering aspects of a third. When the organization drills down, Cyber Prep is designed to support such variation. Moreover, the three broad areas (Governance, Operations, and Architecture & Engineering) are themselves comprised of various aspects, accommodating further organization-specific tailoring. Organizations can use various factors, including risk tolerance and resource limitations, to determine which characteristics of each aspect are most appropriate for the organization to select and emphasize.

One important linkage must be emphasized: Multiple aspects of Architecture & Engineering depend on aspects of Operations, and in turn multiple aspects of Operations depend on aspects of Governance. For example, an organization that seeks to improve its overall cybersecurity often starts by acquiring cybersecurity products and tools (Architecture & Engineering), and then abandons them because it lacks the expertise or sufficient staff (Operations) to use them effectively. Similarly, cybersecurity staff (Operations) in an organization that has not made a commitment to managing cybersecurity risk (Governance) will be overburdened, often asked to perform security tasks as an additional duty, or under-resourced. And some organizations' risk mitigation philosophy (Governance) restricts the types of tools (Architecture & Engineering) they will use.

Table 3. Characterizing Organizational Preparedness

Columns: Class; Organizational Cyber Preparedness Summary

Basic Hygiene
  Governance: The organization uses an informal decision process for cybersecurity (CS), which is not integrated with other disciplines. The focus is on compliance with good practice. Information sharing is limited to information and communications technology (ICT) staff.
  Operations: The organization invests minimally in assessing its security posture. CS staff are reactive and respond to incidents as they become aware of a situation.
  Architecture & Engineering: The organization informally defines its security architecture, focusing on security for the perimeter and selected internal resources.

Critical Information Protection
  Governance: The Security Program Officer handles CS decisions. CS is aligned with related disciplines. The organization is able to handle short-term decision making disruptions informally. The organization shares threat information with partners and suppliers.
  Operations: The organization performs monitoring of cyber resources. CS staff perform ongoing review of threat intelligence on attack patterns.
  Architecture & Engineering: The organization's security architecture may be informally defined, to include data loss protection as well as security for the perimeter and internal resources.

Responsive Awareness
  Governance: The responsible corporate officer handles CS decisions. The organization is able to handle decision making disruptions as part of continuity of operations. CS is integrated with related disciplines and pushes the state of the practice to address APT. CS staff cooperate with counterparts at peer, partner, supplier, and customer organizations.
  Operations: The organization uses updated threat intelligence in ongoing monitoring. CS staff manage events across the cyber attack lifecycle (CAL), and perform ongoing review of threat intelligence, including looking at future attack patterns.
  Architecture & Engineering: The organization's security architecture is defined, and includes mission/CS dependency analysis. Security capabilities support achievement of some limited cyber resiliency objectives.

Cyber Resilience
  Governance: A dedicated corporate officer handles CS decisions. CS and related disciplines are integrated with mission assurance (MA) or continuity of operations. Cyber defense and strategic planning staff coordinate with counterparts at peer, partner, supplier, and customer organizations.
  Operations: The organization maintains situation awareness (SA) of cyber resources and threats. An integrated team of cyber defenders, malware analysts and tool developers jointly develop cyber courses of action (COAs) in response to malware. The organization's tailored training includes updated threat intelligence.
  Architecture & Engineering: The organization's security architecture is defined, includes mission/CS dependency analysis. Security capabilities are provided to achieve most resiliency objectives, informed by mission risk management.

Pervasive Agility
  Governance: The CEO is engaged in MA decisions. CS and related disciplines collaborate to ensure MA and continuity. Cyber defense and strategic planning staff collaborate with relevant mission or critical infrastructure sector entities.
  Operations: Cyber SA is integrated with mission SA. Cyber defenders develop and use new threat analytic methods. Contingency plans, COOP and cyber COAs are developed jointly.
  Architecture & Engineering: The organization's security architecture is defined, includes mission/CS dependency analysis, and identifies dependencies on external systems. Security capabilities are provided for a full range of CS functions, and all resiliency objectives, informed by mission and strategic risk management.
6 Applying Cyber Prep with Other Frameworks

The breadth of Cyber Prep, including adversary characteristics and aspects of an organization's architectural, operational, and governance strategy, enables it to be used to index into other frameworks. For example, the capability aspect of Cyber Prep threat classes roughly corresponds to the Tiers of the DSB threat model [4], the Governance area of the first four Cyber Prep classes roughly corresponds to Tiers 1-4 of the NIST Cybersecurity Framework [2], and some of the aspects of Governance in Cyber Prep are analogous to aspects of the governance and risk assessment capabilities of the CSF Core.

An organization's ability to select or use a cybersecurity, resilience, or threat framework can be limited by its resources; organizational culture; sector; mission or business model; and/or risk frame [5]. Some frameworks never articulate threat assumptions; some focus only on the operations aspect of the defender; other frameworks are not intended to deal with APT. Using Cyber Prep, an organization can select the relevant portion(s) of one or more cybersecurity or resilience frameworks or guidelines. Cyber Prep can be used to index into another framework, so that an organization can identify a starting point for using that framework in defining its cybersecurity strategy. In addition, Cyber Prep can be used to link synergistically various other frameworks and guidance that focus on disparate aspects of an organization's threat or defender perspectives (e.g., pointing to the threat component of one framework, the operations component of another framework, the governance component of a third framework). This allows the relative strengths of those resources to be complementary, preventing the gaps or organization-irrelevant aspects of those resources from being weaknesses.

Figure 3. Cyber Prep 2.0 Enables the Organization to Use Appropriate Resources

7 Summary

Cyber Prep provides concepts, terminology, and characteristics that an organization can use to articulate its risk frame for cyber risks: its assumptions about the cyber threat it faces and the potential consequences of greatest concern, the constraints on its cyber risk management decisions, its cyber risk tolerance, and its risk-related strategic trade-offs. Cyber Prep enables an organization to characterize the class of threat it faces and its overall approach to cyber preparedness. This high-level characterization provides motivation for the organization's cybersecurity strategy. The organization's target cyber preparedness posture implies functional areas in which the organization needs capabilities, as well as its operational strategy for addressing activities at different stages in the cyber attack lifecycle.

As an organization develops its cyber preparedness strategy, Cyber Prep provides characterizations in the areas of Governance, Operations, and Architecture & Engineering that the organization might target, and characteristics of more specific aspects if the organization seeks further details. Because Cyber Prep has been mapped to a variety of more detailed frameworks, an organization can use its target Cyber Prep class (or target class in the areas of governance, operations, architecture, or in more specific aspects) to identify the portions of those frameworks that are most relevant to the organization.

References

[1] NACD, "Cyber-Risk Oversight: Director's Handbook Series 2014," July [Online]. Available:
[2] NIST, "Framework for Improving Critical Infrastructure Security, Version 1.0," 12 February [Online]. Available:
[3] NIST, "Guide for Conducting Risk Assessments, NIST SP Rev.1," September [Online]. Available:
[4] DoD Defense Science Board, "Task Force Report: Resilient Military Systems and the Advanced Cyber Threat," January [Online]. Available:
[5] NIST, "NIST SP , Managing Information Security Risk: Organization, Mission, and Information System View," March [Online]. Available:
[6] CERT Program, "CERT Resilience Management Model, Version 1.0: Improving Operational Resilience Processes," May [Online]. Available: [Accessed 26 October 2011].
[7] Booz Allen Hamilton, "Cyber Operations Maturity Framework," 16 June [Online]. Available:
[8] D. Bodeau and R. Graubart, "Cyber Resiliency Engineering Framework (MTR110237, PR )," September [Online]. Available:
[9] D. Bodeau and R. Graubart, "Cyber Resiliency Assessment: Enabling Architectural Improvement (MTR , PR )," May [Online]. Available:
[10] E. M. Hutchins, M. J. Cloppert and R. M. Amin, "Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains," Proceedings of the 6th International Conference on Information Warfare & Security (ICIW 2011), March [Online]. Available: Defense.pdf.
[11] The MITRE Corporation, "Cybersecurity: Threat-Based Defense," [Online]. Available:
[12] National Science and Technology Council, "Federal Cybersecurity Research and Development Strategic Plan," February [Online]. Available: elopment_stratgeic_plan.pdf.
[13] D. Bodeau, J. Fabius-Greene and R. Graubart, "How Do You Assess Your Organization's Cyber Threat Level?," August [Online]. Available: